How To Write A Good Privacy Policy: Lessons From Colorado Indymedia
Slashdot recently published a story about the difficulty involved in reading privacy policies. They claim that some policies require a PhD to read, and they’re absolutely right. I recently did an analysis of Google’s privacy policy, which was an all-day project for somebody who knows the law fairly well. In fact, a recent lawsuit against Facebook criticizes them for having a confusing privacy policy, saying that a user would have to read 27,000 words just to understand their advertising program.
Why do companies like Facebook and Google make their privacy policies so hard to understand? For one, these policies are written by lawyers. By nature, they will be more difficult to understand than most other parts of the site but it doesn’t have to be that way. By writing excess amounts of disclaimers and vague definitions, they can be sure that they’ve covered all of their basis and that they are immune to legal attack. Or, at least that’s the impression they get. The recent lawsuit against Facebook shows that by having a confusing privacy policy, they are opening themselves to attack on the mere basis that it is confusing and also because it is hard to be diligent about privacy with such large policies.